Frank Morgner

20 exploits Active since Sep 2018
CVE-2025-66215 LOW WRITEUP
OpenSC: Stack-buffer-overflow WRITE in card-oberthur
OpenSC is an open source set of smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time a user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires a crafted USB device or smart card that presents the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.
CVSS 3.8
CVE-2018-16391 MEDIUM WRITEUP
OpenSC < 0.18.0 - Memory Corruption
Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS 6.8
CVE-2018-16392 MEDIUM WRITEUP
OpenSC < 0.18.0 - Memory Corruption
Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS 6.8
CVE-2018-16393 MEDIUM WRITEUP
OpenSC < 0.18.0 - Memory Corruption
Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS 6.8
CVE-2018-16418 MEDIUM WRITEUP
OpenSC < 0.18.0 - Memory Corruption
A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS 6.6
CVE-2018-16419 MEDIUM WRITEUP
OpenSC < 0.18.0 - Memory Corruption
Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS 6.6
CVE-2018-16420 MEDIUM WRITEUP
OpenSC < 0.18.0 - Memory Corruption
Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS 6.6
CVE-2018-16421 MEDIUM WRITEUP
OpenSC < 0.18.0 - Memory Corruption
Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS 6.6
CVE-2018-16422 MEDIUM WRITEUP
OpenSC < 0.18.0 - Memory Corruption
A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS 6.6
CVE-2018-16423 MEDIUM WRITEUP
OpenSC < 0.18.0 - Double Free
A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS 6.6
CVE-2018-16424 MEDIUM WRITEUP
OpenSC < 0.18.0 - Double Free
A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS 6.6
CVE-2018-16425 MEDIUM WRITEUP
OpenSC < 0.18.0 - Double Free
A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS 6.6
CVE-2018-16426 MEDIUM WRITEUP
OpenSC <0.19.0-rc1 - Use After Free
Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash programs using the OpenSC library.
CVSS 4.3
CVE-2019-15945 MEDIUM WRITEUP
OpenSC <0.20.0-rc1 - Buffer Overflow
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.
CVSS 6.4
CVE-2019-15946 MEDIUM WRITEUP
OpenSC <0.20.0-rc1 - Buffer Overflow
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.
CVSS 6.4
CVE-2019-19479 MEDIUM WRITEUP
OpenSC <0.20.0-rc3 - Info Disclosure
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.
CVSS 5.5
CVE-2020-26570 MEDIUM WRITEUP
OpenSC <0.21.0-rc1 - Buffer Overflow
The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.
CVSS 5.5
CVE-2020-26572 MEDIUM WRITEUP
OpenSC <0.21.0-rc1 - Buffer Overflow
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
CVSS 5.5
CVE-2021-42781 MEDIUM WRITEUP
OpenSC < 0.22.0 - Out-of-Bounds Write
Heap buffer overflow issues were found in OpenSC before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.
CVSS 5.3
CVE-2025-24032 CRITICAL WRITEUP
PAM-PKCS#11 <0.6.13 - Privilege Escalation
PAM-PKCS#11 is a Linux-PAM login module that allows an X.509 certificate-based user login. Prior to version 0.6.13, if cert_policy is set to none (the default value), then pam_pkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user's public data (e.g. the user's certificate) and a PIN known to the attacker. If no signature with the private key is required, then the attacker may now log in as the user with that created token. The default to *not* check the private key's signature has been changed with commit 6638576892b59a99389043c90a1e7dd4d783b921, so that all versions starting with pam_pkcs11-0.6.0 should be affected. As a workaround, in `pam_pkcs11.conf`, set at least `cert_policy = signature;`.